Re: Running GParted and Synaptic without entering password

On 2018-05-15, Richard Owlett <rowlett@xxxxxxxxxxx> wrote:
>> To block a group, I think you'd have to use a packet filter to
>> drop their outgoing packets. Take a look at
>> http://ipset.netfilter.org/iptables-extensions.man.html
>> under the heading "owner".
>
> That gives just enough information to tantalize ;[
> What should I search for to see a sample use.
> My only iptable knowledge is that they exist.
>
Apparently you can create a group:
sudo groupadd nonetty
Add existing user 'lydia'(and anyone else you'd like) to the group
sudo usermod -a -G nonetty lydia
Then an iptables rule like this
iptables -I OUTPUT 1 -m owner --gid-owner nonetty -j DROP
would prevent lydia (and others in the nonetty group) from riding
the innertubes.
I believe. More well-informed minds might pipe up or chime in at
this point, who knows?
(I'm looking at the link above without instantaneous edification, BTW.)